Personal Data Policy

Background and purpose

This Personal Data Policy applies to the processing of personal data that forms part of Danfo’s business operations and applies to all Danfo employees. Personal privacy is important to Danfo, and this Personal Data Policy describes the processing of personal data that takes place within the framework of Danfo’s business operations, the purposes of the processing, with whom we may share your personal data and your rights with regard to your personal data.

Key concepts

Personal data are data that can be linked directly or indirectly to a physical living individual. Examples of personal data include name, personal identity number, address, telephone number and e-mail address. Processing of personal data includes all handling of personal data, for example: gathering, registration and storage. Those responsible for personal data are those who, either alone or together with others, determine the purpose and means for the processing of details about an individual, and they are ultimately responsible for ensuring that such data is processed in accordance with applicable personal data legislation.

At Danfo, the CFO is responsible for personal data.

Data processed

Danfo AB may gather and process the following personal data:
• Name
• Address
• E-mail address
• Telephone number
• Personal identity number
• Account number
• Family contact and telephone number
• Driver’s license
• Personal permits or certifications
• Location data gathered through, for example, JETAS, ABAX, and mobile devices
• and any other data you submit personally or that are gathered by us in connection with your employment at Danfo.

Purpose of processing

Danfo AB will process the above data for the following purposes:
• To prepare employment contracts
• To be able to pay salaries
• To be able to report tax deductions to Skatteverket (Swedish Tax Agency)
• To be able to register you with FORA, Collectum or other pension companies
• To provide information to Försäkringskassan (Swedish Social Insurance Administration)
• To be able to issue employer’s certificates
• For other services that may arise in connection with ongoing salary administration
• For other needs crucial for you to be able to perform your duties as an employee
• And to meet other statutory obligations.

Publication of personal data

No personal data are to be published or made public without the employee’s consent. An exception to this is the publication of names, positions, contact details and images on Danfo’s external websites, in newsletters, and in connection with the submission of bids, with regard to individuals relevant to Danfo’s operations. An additional exception to this is the publication of names, positions, contact details and images on Danfo’s intranet or sharepoint. Full personal identification numbers are never to be published or made public, although the first six digits may be published or made public.

With whom may data be shared?

Danfo may share your data with, or transfer it to, select third parties, as follows. When sharing or transferring data, Danfo takes all reasonable legal, technical and organisational measures to ensure that your data is handled securely and with an adequate level of protection.
• Group companies: Danfo may share your personal data with companies within the Danfo Group in performing Danfo’s obligations to you, and for other purposes as set out in this Personal Data Policy.
• Authorities: Danfo may provide required data to authorities including the police, the tax authorities or other authorities if Danfo is required to do so by law, or if the employee has consented to this. We are, for example, legally required to provide information for measures against money laundering and terrorist financing.
• Divestment: Danfo may share your information with third parties. In the event that Danfo divests or acquires operations or assets, Danfo may disclose the employee’s personal information to a potential seller or buyer of such operations or assets.
• Other external parties: Danfo will not sell the employee’s personal data to third parties without the employee’s consent.

Where do we process your personal data?

Danfo always strives to process your data within the EU/EEA. In certain situations, however, data may be transferred to, and processed in, non-EU/EEA countries by a company within our Group. As Danfo is determined to always protect your data, Danfo will take all reasonable legal, technical and organisational measures to ensure that the employee’s data is handled securely and with an adequate level of protection, comparable to, and of the same level as, the protection offered in the EU/EEA.

Disposal of personal data

Employees’ personal data are not stored longer than is necessary to fulfil the purposes for which they are processed.

Employees’ rights of access, correction and deletion

• Right of access to your data: You may request a copy (register extract) of the data you would like to know about, and you may verify the information we have regarding you.
• Right to correction: You are entitled to correct incorrect or incomplete data about you.
• Right to deletion (“the right to be forgotten”): You are entitled to request the deletion of your personal data where that data is no longer necessary for the purpose for which it was gathered. There may, however, be legal obligations preventing us from immediately deleting parts of your data. These obligations derive from accounting and tax legislation, as well as banking and anti-money laundering legislation. In such cases, we block the data that we are required to save from being used for purposes other than complying with these legal obligations.

Changes to this Personal Data Policy

Future changes to this Personal Data Policy will be announced within the organisation by publication in Danfo’s Operations Systems. The publication of updated policies is always announced at the ensuing information meeting.